We Keep Coding

PHP - How to pass variable in a text filed with double quote

My query extract a data value from mysql table where are a double quote in the text.
Select mytitle from title_table
The result is: This is my title: "for school"
This value I want to put inside a text field, but is truncated in this position This is my title:
I print the title by this: <?php echo $rows['mytitle']; ?>
How to put the entire title in a text field?
Thanks

Print inside the value of the text field, example:
<input type="text" name="title" value="<?php echo $rows['mytitle']; ?>">

I have resolve this problem. Are easy, but in a first time make a wrong Google search.
I have resolve by this: htmlentities

I think you search for this
<?php
echo '<input type="text" value="' . $rows['mytitle'] . '">';
?>
or in plain HTML with
<input type="text" value="<?=$rows['mytitle'];?>">
Look to, for the second example you must have enabled short_tags in your php.ini or use
<input type="text" value="<?php echo $rows['mytitle'];?>">

try this
<input type="text" name="yourkey" value="<?php echo $rows['mytitle'] ?>" />

Trying to print double quote form database into input field

I have a data stored in database valued xy". When I print this value in tag, or quote sign is visible. But when i output this value in input field, double quote isn't visible(it's still in database).
<input type="text" value="<?php echo $value ?>" />
The interesting thing is, when I use 2 single qoutes, output is equal to the value in database(xy''). Any ideas

Try this one
<input type="text" value="<?php echo htmlspecialchars($value) ?>" />

How can I properly escape HTML form input default values in PHP?

Given the following two HTML/PHP snippets:
<input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" />
and
<textarea name="content"><?php echo $_POST['content']; ?></textarea>
what character encoding do I need to use for the echoed $_POST variables? Can I use any built-in PHP functions?
Please assume that the $_POST values have not been encoded at all yet. No magic quotes - no nothing.

Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).
Always escape strings with htmlspecialchars() before showing them to the user.

htmlspecialchars would work in both cases. Have a look at the different flag options to avoid quotation marks being a problem in the input case.

Given it is kinda long I would put it in a function
<?PHP
function encodeValue ($s) {
return htmlentities($s, ENT_COMPAT|ENT_QUOTES,'ISO-8859-1', true);
}
?>
This has ENT_QUOTES to make sure single and double quotes are encoded, but it will also encode special characters (Like in José) instead of inserting an empty string.
Then you can do:
<input type="text" name="firstname" value="<?= encodeValue($_POST['firstname']) ?>" />
and
<textarea name="content"><?= encodeValue($_POST['content']) ?></textarea>

Using a PHP variable in a text input value = statement

I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.
What am I missing here?

Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)

You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.

Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.

From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>

If you want to read any created function, this how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">

I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type = "text" value = '.$idtest.'>';

What is the best way to echo results from the database into html code in PHP?

when I have a value like this in the database ("foo")
how can I echo it without any conflict with html code
notice
<input type="text" value="<? echo '"foo"'; ?>" />
the result will be like this
<input type="text" value=""foo"" />
how can I fix it ?

use urlencode
or htmlspecialchars
link

You can use htmlentities to overcome this problem like so:
<input type="text" value="<? echo htmlentities('"foo"'); ?>" />
this will return
<input type="text" value=""foo"" />
avoiding any conflict with html.

htmlspecialchars() basically, for example
<input type="text" value="<? echo htmlspecialchars($value, ENT_QUOTES); ?>" />
The ENT_QUOTES is optional and also encodes the single quote ' .
I used $value since I'm not sure what exactly you have in the database (with or without quotes?) but it will sit in some kind of variable if you want to use it anyway, so, I called that $value.
Since the above is a bit unwieldy I made a wrapper for it:
// htmlents($string)
function htmlents($string) {
return htmlspecialchars($string, ENT_QUOTES);
}
So you can
<input type="text" value="<? echo htmlents($value); ?>" />
Not to be confused with the existing htmlentities(), which encodes all non-standard characters. htmlspecialchars() only encodes &, <, >, " and ', which is more appropriate for UTF8 pages (all your webpages are UTF8, right? ;-).

First, don't use short tags ('
Next, your HTML is malformed because you've got an extra set of quotes. Since you seem to be taking the approach of embedding PHP into the HTML, then a quick fix is:
<input type="text" value="<?php echo 'foo'; ?>" />
...although since this value is coming from your database it will be stored in a variable, probably an array, so your code should look more like:
<input type="text" value="<?php echo $db_row['foo']; ?>" />
For clarity, most programmers would try to eliminate switching between PHP parsed and non-parsed code either using a template system like smarty or....
<?php
....
print "<input type='text' value='$db_row[foo]' />\n";
....
?>
(Note that
1) when the variable is within double quotes with a block of PHP, the value is automatically substituted
2) when refering to an associative array entry within a double quoted string, the index is NOT quoted.
HTH
C.

<?php
echo "<input type='text' value='{$foo}' />" ;
?>